Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability was patched by Ivanti in ICS 22.7R2.6, released on February 11, 2025. But, apparently, the threat actor studied the patch and “uncovered through a complicated process, [that] it was possible to exploit 22.7R2.5 and earlier … More → The post Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) appeared first on Help Net Security.
http://news.poseidon-us.com/TJxGB5

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

Like this:

Related

More Posts

Toyota Financial Services appoints CIO

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft

Forward-thinking CISOs are shining a light on shadow IT

Connected cars drive into a cybersecurity crisis

Benefits from privacy investment are greater than the cost

Inside the AI-driven threat landscape

New infosec products of the week: April 4, 2025

ISC Stormcast For Friday, April 4th, 2025 https://isc.sans.edu/podcastdetail/9394, (Fri, Apr 4th)

Aussie super funds targeted by fraudsters using stolen creds

Physicists uncover electronic interactions mediated via spin waves

Share this:

Like this:

Related

More Posts